cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!


founded 2 years ago
Vulnerability-Lookup 2.14.0 released (www.vulnerability-lookup.org)
submitted 3 months ago by cm0002@lemmy.world to c/cybersecurity
 
 

We’re glad to announce version 2.14.0 of Vulnerability-Lookup!
This version introduces several new features, enhancements, and fixes.

What's New

New Watchlist View

You can now view your monitored products and their related vulnerabilities directly in the browser, mirroring the structure of email notifications. Authenticated RSS/Atom feeds are available. (#181)


GNA Verification

We added a way to confirm whether a Vulnerability-Lookup instance is officially operated by a GNA. The information is available on the About page. (#179)


Optional CVD Process

The Coordinated Vulnerability Disclosure module can now be disabled if not applicable to your deployment. (#178)

Changes

Other changes include a smoother post-login experience and a fail-safe around ML-Gateway calls for related vulnerabilities. (#170)

Changelog

📂 To explore the full list of changes, visit the changelog on GitHub:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.14.0

🙏 Thank you very much to all the contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/

 
 

cross-posted from: https://lemmy.sdf.org/post/39439229

Op-ed by Dr. Dave Venable, Chair of the Institute for Strategic Risk and Security (ISRS), and Mykola Volkivskyi, President of the Geneva Center for Diplomacy and Conflict Resolution who previously served as Advisor to the Chairman of the Committee in the Ukrainian Parliament.

Archived

Spain's recent decision to award Huawei a contract worth €12.3 million to manage and store legally authorized wiretaps raises significant concerns about the country's commitment to digital sovereignty. This move jeopardizes Spain’s national security and undermines the trust that is essential for the intelligence-sharing frameworks of the European Union and NATO.

While Huawei has made considerable efforts to demonstrate technical compliance with European standards, the political reality is more complicated: any sensitive system it builds is, by default, subject to exploitation by Beijing. Huawei is subject to China’s 2017 National Intelligence Law and cannot credibly claim complete independence from the Chinese Communist Party’s (CCP’s) security and intelligence apparatus. Despite this, Madrid’s procurement process proceeded as if the controversy around Huawei had no bearing on the domain of sensitive state surveillance networks.

[...]

Spain’s SITEL Contract is Effectively A Security Breach

Spain’s wiretap system, SITEL, functions as the core for Spanish law enforcement and intelligence wiretap activities, storing sensitive data about targets involved in terrorism, organized crime, and even foreign espionage.

Huawei is technically capable of managing such a system, but under China’s 2017 National Intelligence Law, the company is compelled to cooperate with Chinese intelligence services. This creates a constant vulnerability in any critical infrastructure that Huawei or any PRC company operates abroad. However, Spain's procurement process treated Huawei's bid as if it were a neutral supplier.

[...]

Belgium’s State Security Service (VSSE) added Huawei to a watchlist in 2023 due to concerns about potential espionage. The country’s cybersecurity agency later banned Huawei from 5G networks used in critical sectors after detecting unusual data traffic patterns at a Brussels telecom hub.

The “Generation” bribery scandal worsened these concerns. Members of the European Parliament accepted lavish perks from lobbyists linked to Huawei, raising fears that influence operations had penetrated EU regulatory bodies. This incident eroded public trust and showed how corruption scandals can weaken vendor neutrality.

Belgium’s swift and decisive response demonstrates a security-first approach, which should be adopted across the EU and transatlantic alliance. In contrast, Spain’s SITEL contract indicates either a gap in awareness or a willingness to take risks that could affect Europe’s shared security framework.

[...]

The approach to Huawei varies further across Europe. Greece demonstrates how economic dependence can override security concerns — the country chose Huawei as a key provider for its telecommunications infrastructure. Huawei has even offered discounted equipment and “training centers” for Greek engineers to strengthen this relationship further. However, leaked documents in 2024 revealed that Huawei provided perks to Greek officials to secure these contracts.

[...]

Recent patterns emerging from conflict zones further emphasize the urgent need for a unified security policy [in the EU member states]. In Russian-occupied parts of Ukraine, local populations and military operations are increasingly served by unauthorized mobile operators using Russian and potentially Chinese-supplied infrastructure. These networks—established in Crimea, Donbas, and southern Ukraine—are not only illegal under international law but also structurally opaque, enabling surveillance, population control, and disinformation on a large scale. Evidence indicates that Chinese vendors have been involved in providing equipment to these unauthorized operators, either directly or through intermediaries. In Crimea, for example, existing infrastructure was reportedly transformed using Russian intercept technology (SORM), raising concerns that Chinese equipment may have aided these transitions.

[...]

Spain’s Huawei contract highlights a deeper problem: the lack of binding standards to safeguard Europe’s intelligence infrastructure. Procurement policy is a matter of national security. As hybrid threats grow and alliances face unprecedented pressure, EU and NATO leaders must act to address this critical gap. Without enforceable guidelines, the trust that underpins Europe’s security framework is in jeopardy.

Europe’s credibility hinges on its ability to align its intelligence infrastructure with alliance standards; otherwise, it risks increasing strategic division.

 
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

 
 

ArcaneChat 2.6.0 is on its way to Google Play and F-Droid and should be available in the upcoming days. Can't wait? For other download options, check https://arcanechat.me/

🔮 What's new?

★ More security: chats are now encrypted forever; unencrypted email is received in separate, recognizable chats marked with an email envelope icon

★ Cleaner UI: Since chats are always encrypted, padlocks and green checkmark icons are gone. Only "Saved Messages" and "Device Messages" chats keep a green checkmark

★ Now channel owners can set an avatar for their channel and subscribers can leave channels

★ Added Text-To-Speech (TTS) support for in-chat apps

★ You can change the order of your profiles in the profile switcher

★ New enhanced screen for chats and contacts profiles

★ And many more small fixes and improvements!

💜 Help keep ArcaneChat independent and make it even more awesome in the future: https://arcanechat.me/#contribute

 
 

A sophisticated Linux malware called Koske, discovered in July 2025, hides malicious code within innocent-looking panda bear JPEG images to deploy cryptocurrency miners and establish persistent system access[^1]. Security researchers at AquaSec believe Koske was developed using artificial intelligence, based on its adaptive behaviors and code structure[^2].

The malware exploits misconfigured JupyterLab instances to gain initial access, then downloads two panda images containing separate payloads - a C-based rootkit and a shell script[^3]. Rather than using steganography, Koske employs polyglot files that function as both valid images and executable scripts[^1].

Once executed, the malware:

  • Deploys CPU and GPU-optimized miners for 18 different cryptocurrencies
  • Establishes persistence through cron jobs and systemd services
  • Uses LD_PRELOAD to hide malicious processes and files
  • Manipulates DNS settings and network configurations
  • Automatically switches mining pools if one becomes unavailable[^1]

"Impersonation and psychological warfare will be a big thing in the coming years," warns Rem Dudas from Palo Alto Networks, noting how AI enables malware to mimic other threat actors' techniques[^4].

[^1]: BleepingComputer - New Koske Linux malware hides in cute panda images

[^2]: The420 - How Is A "Panda" Becoming a Persistent Threat?

[^3]: Securitricks - AI-Generated Malware in Panda Image Hides Persistent Linux Threat

[^4]: BetaNews - Hackers are using AI and panda images to infect Linux machines

Off-Topic Friday (self.cybersecurity)
submitted 3 months ago by shellsharks to c/cybersecurity
 
 

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

 
 

cross-posted from: https://scribe.disroot.org/post/3685425

Archived

[The report by Irish Council for Civil Liberties can be downloaded from the linked site.]

TLDR:

  • Almost every department of the Irish Government and local authorities have installed Chinese surveillance systems. The state body responsible for public buildings, the Office of Public Works (OPW), has designated China’s Hikvision as one of only three permitted security camera manufacturers that can be installed in public buildings.
  • Hikvision’s company documents attest that it is controlled by the Chinese State. Hikvision cameras are connected to the Internet and may be relaying the data that they collect to China. Chinese law allows the State to access data held by Chinese companies.
  • Irish public bodies, including courts and military, have installed these systems. Some Hikvision cameras are intended to recognise individual members of the public using facial recognition, and people’s emotional states (so-called “emotion recognition” and “behaviour analysis”).
  • Hikvision devices are installed on Luas trams and at major train and bus stations (Heuston Station, Busáras, Cork bus station, etc.). It is hard to travel in Ireland without being tracked by China’s Hikvision surveillance system.

In a related report, experts warn Ireland’s current approach to the potential dangers posed by Hikvision raises urgent questions about data privacy, potential foreign access and the State’s alignment with international partners.

“When it comes to things like security cameras, I think it would be naive to wave that aside and not at least have a very in depth conversation about the potential security risks,” Dr Edward Burke, UCD’s assistant professor of war, told us.

“The EU has consistently warned member states to try and firewall critical security, critical national infrastructure, from companies threatening the European Union with mass espionage.

“And one of those countries that they have identified is, of course, China.”

 
 

IOCs:

  • 107.191.58[.]76
  • 104.238.159[.]149
  • 96.9.125[.]147
  • Unusual POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit
  • Unusual POSTs to /_layouts/16/ToolPane.aspx?DisplayMode=Edit
  • spinstall0.aspx in SharePoint Layouts folders

Vulnerabilities:

  • CVE-2025-53770 (new, no patch as of 2025-07-20)
  • CVE-2025-49704 (2025-07-08 patch)
  • CVE-2025-49706 (2025-07-08 patch)

Only mitigations at this time require both SharePoint AMSI integrations to be enabled and Microsoft Defender in Active mode. Other AV is not confirmed.

Also see

 
 

cross-posted from: https://lemmy.sdf.org/post/38801109

Archived

The Spanish Ministry of Interior has awarded a €12.3 million ($14.3 million) contract to Huawei to manage information obtained through judicial wiretaps [...] Such cooperation between an EU-member state and a technology company central to the Chinese Communist Party’s (CCP) normalisation of censorship and surveillance technology around the world must be opposed.

[...]

Spain contracts the use of high-performance Huawei OceanStor 6800 V5 servers to store and classify information obtained by Spanish security agencies.

The deal follows from existing cooperation between the Spanish government and Huawei to provide technical support to SITEL, Spain’s system for telecommunications interception. Previously, The Objective reported that Spain’s National Police Corps and Civil Guard have partnered with Huawei technologies despite having never conducted the required security certification process with the National Intelligence Centre.

Rights group ARTICLE 19’s Head of Global China Programme, Michael Caster, commented:

‘Spain should know better than to partner, at any stage of its tech stack, with techno-authoritarian China, well-documented for deploying sophisticated rights-abusing surveillance tools and technologies against its own population, including in the commission of crimes against humanity in Xinjiang. No rights-minded democratic state should be facilitating the international normalisation of Chinese surveillance technology.’

[...]

The risk of Huawei sending potentially sensitive information back to China is not unfounded. For example, in 2018 French newspaper Le Monde first reported that confidential network data from the African Union headquarters in Addis Ababa had been mysteriously uploaded to servers in Shanghai every night at the same time between 2012 and 2017. Huawei was the primary supplier for the organisation’s computer system, although the company refuted surveillance claims.

Beyond legal requirements to comply with censorship and surveillance demands, China compels its national technology champions, like Huawei, to ‘unswervingly follow the Party’. This directive arises from the 2020 Party Central Committee Opinions on Strengthening the United Front Work of the Private Economy in the New Era, which directs Chinese companies to safeguard national interests and promote a positive image of the country. Such directives are part of the CCP’s capture of the private sector, compelling compliance with Information and Communication Technology laws noted above and support for broader information manipulation efforts.

Such concerns are compounded when taken together with rising transnational repression from China targeting overseas Chinese communities, including through the manipulation of Interpol Red Notice, exploitation of extradition treaties, or other law enforcement cooperation. ARTICLE 19’s recent report on China’s transnational repression of protest documents numerous cases across the EU, while others including Spain-based Safeguard Defenders have highlighted cases in Spain, such as China’s overseas police stations in Madrid.

[...]

Despite obvious human rights risks, Spain’s Prime Minister Pedro Sánchez has been notably favourable to Huawei, defending the company in public, and permitting Huawei to operate research centres in Madrid. He has been critical of EU efforts to prevent Huawei from Europe’s 5G infrastructure – a stark contrast to the European Union’s cybersecurity of 5G networks toolbox for risk mitigation measures, which explicitly calls for prohibition of ‘high-risk’ suppliers such as Huawei.

[...]

 
 

cross-posted from: https://lemmy.sdf.org/post/38794024

Archived

The U.S. Federal Communications Commission said on Wednesday it plans to adopt rules to bar companies from connecting undersea submarine communication cables to the United States that include Chinese technology or equipment.

"We have seen submarine cable infrastructure threatened in recent years by foreign adversaries, like China," FCC Chair Brendan Carr said in a statement. "We are therefore taking action here to guard our submarine cables against foreign adversary ownership, and access as well as cyber and physical threats."

[...]

The FCC will also seek comment on additional measures to protect submarine cable security against foreign adversary equipment. The cutting of two fiber-optic undersea telecommunication cables in the Baltic Sea prompted investigations of possible sabotage.

In 2023, Taiwan accused two Chinese vessels of cutting the only two cables that support internet access on the Matsu Islands, and Houthi attacks in the Red Sea may have been responsible for the cutting of three cables providing internet service to Europe and Asia.
